The EthereumICO plugin for WordPress has a security issue that allows attackers to insert harmful code into web pages. This can happen because the plugin does not properly check for and prevent this type of attack. Any version of the plugin up to and including 2.4.6 is affected. This vulnerability can only be exploited by users with contributor-level access or higher.